From dba185605b1f9ce2d8d7e90b956abe9fa0487f24 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Wed, 26 Oct 2005 19:05:32 +0000
Subject: Relevant BUGIDs: Red Hat bz 168180

Purpose of commit: bugfix

Commit summary:
---------------
2005-10-26  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
        modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
        modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
        uid to 0 before executing the helper if SELinux is enabled.
        * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
        if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
---
 ChangeLog | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 27289235..8941c316 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2005-10-26  Tomas Mraz  <t8m@centrum.cz>
+
+	* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
+	modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
+	modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
+	uid to 0 before executing the helper if SELinux is enabled.
+	* modules/pam_unix/unix_chkpwd.c (main): Disable user check only
+	if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
+	
+	
 2005-10-20  Tomas Mraz	<t8m@centrum.cz>
 
 	* configure.in: Added check for xauth binary and --with-xauth option.
-- 
cgit v1.2.3